Founding Client Offer (Only for 5 Businesses) 25 Reviews Free or 3 Months Free — Whichever Comes First, plus 50% off for 1 year.

UK Data Processing Agreement

Last updated: 15 July 2025

1. Introduction

This Data Processing Agreement ("Agreement") forms part of the AlienRise Ltd Terms of Service and applies when AlienRise Ltd processes Personal Data on behalf of a Client (the "Controller") while providing its Services.

2. Parties

  • Controller: The business entity or organisation using AlienRise Ltd's Services and agreeing to the Terms of Service.
  • Processor: AlienRise Ltd, a company registered in England and Wales (Company No. 16578597) with its registered address at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ.

3. Purpose and scope

AlienRise Ltd processes Personal Data on behalf of the Controller for the purpose of providing its SaaS platform and related services, including:

  • A2P messaging (SMS, email)
  • CRM data synchronisation
  • Review collection, management and display
  • Related marketing and business automation features

4. Definitions

Terms like "Personal Data", "Processing", "Controller", "Processor", "Data Subject", and "Personal Data Breach" have the meanings given in the UK GDPR.

5. Client instructions

AlienRise Ltd will:

  • Process Personal Data only on the Controller's documented instructions as set out in this Agreement and the Terms of Service.
  • Inform the Controller if it believes an instruction infringes applicable data protection law.

The Controller is responsible for ensuring it has a lawful basis for the Processing and that Data Subjects have given any required consents (e.g., for A2P messaging).

6. Types of Personal Data and Data Subjects

Types of Personal Data:

  • First and last name
  • Email address
  • Phone number
  • Review content (may include special category data if provided voluntarily)
  • Business account information

Categories of Data Subjects:

  • End-customers or patients of the Controller
  • Business contacts and staff of the Controller

7. Duration

This Agreement remains in force for as long as AlienRise Ltd processes Personal Data on behalf of the Controller.

8. Processor obligations

AlienRise Ltd will:

  • Keep Personal Data confidential and ensure staff are bound by confidentiality.
  • Implement appropriate technical and organisational measures to protect Personal Data, including:
    • Encrypted connections (HTTPS, TLS)
    • Access controls and permissions
    • Secure hosting and reputable sub-processors
    • Audit logging for key integrations

9. Sub-processors

The Controller authorises AlienRise Ltd to engage the following sub-processors:

  • GoHighLevel — CRM storage and mailing/SMS delivery
  • CRM-Connector and/or Zapier — data sync with client CRMs
  • Twilio and TextGrid — A2P SMS delivery
  • Mailgun and Postmark — transactional and marketing email delivery

AlienRise Ltd will:

  • Ensure each sub-processor has equivalent data protection obligations.
  • Notify the Controller of new sub-processors and give the Controller 10 days to object on reasonable grounds.

10. International transfers

AlienRise Ltd may transfer Personal Data outside the UK/EEA if:

  • The destination has an adequate level of protection approved by the UK government, or
  • Standard Contractual Clauses (SCCs) or other safeguards are in place.

11. Data Subject rights

AlienRise Ltd will:

  • Provide reasonable assistance so the Controller can fulfil Data Subject requests (access, correction, erasure, restriction, portability, objection).
  • Forward any request received directly to the Controller.

12. Personal Data Breach

AlienRise Ltd will:

  • Notify the Controller without undue delay if it becomes aware of a Personal Data Breach.
  • Assist the Controller in meeting its obligations to notify supervisory authorities and Data Subjects if required.

13. Audits

AlienRise Ltd will make available information needed to demonstrate compliance with this Agreement and will allow reasonable audits by the Controller or its appointed auditor, provided:

  • Reasonable notice is given,
  • Audits occur during normal business hours,
  • Audits do not unreasonably interfere with operations.

14. Return or deletion

At the end of the Services, AlienRise Ltd will, at the Controller's choice, delete or return all Personal Data unless retention is required by law.

15. Liability

Each party's liability under this Agreement is limited in accordance with the Terms of Service.

16. Governing law

This Agreement is governed by the laws of England and Wales and any disputes will be resolved in the courts of England and Wales.

17. Effective date

This Data Processing Agreement is effective from the date the Client accepts the AlienRise Ltd Terms of Service.

18. Contact Information

If you have any questions regarding this Data Processing Agreement, please contact our Privacy Officer at:

Email: privacy@alienrise.ai

Role: Privacy Officer